Industry Certifications

We focus on security, compliance, and privacy to be your most trusted cybersecurity company

Adherence to technology certifications and industry compliance is critical to maintaining a robust and stalwart security profile. Because of this, Trellix is dedicated to ensuring its security products and technologies meet or exceed critical industry certifications and compliance requirements.

FedRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP enables agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT. This certification includes the expanded boundary of Trellix XDR and Email Security (ESC GovCloud), which covers the company's proprietary modules, including antivirus, anti-spam, and impersonation detection capabilities.

Trellix XDR GovCloud  |  Trellix Email Security GovCloud

ISO 27001

As one of the highest internationally recognized standards for information security, this certification covers every aspect of people, process, and systems security. The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS). Trellix was certified ISO 27001 compliant in November 2022.

ISO 27017

ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards. Trellix was certified ISO 27017 compliant in November 2022.

ISO 27018

ISO 27018 is the international standard for protecting personal information in cloud storage. The term for the personal data it covers is Personally Identifiable Information (PII). Trellix was certified ISO 27018 compliant in November 2022.

ISO 27701

As one of the highest internationally recognized standards for information security, this certification covers every aspect of people, process, and systems security. The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS). Trellix was certified ISO 27001 compliant in November 2022.

SOC 2 - Service Organization and Controls

Trellix undergoes an annual independent third-party SSAE 18 audit using the criteria set forth in the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Confidentiality (SOC 2®), and the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles set forth in the Trust Services Principles, TSP section 100A. Trellix can provide users who have a business need with a report of its compliance (SOC 2 Type II report) for the offerings listed below. The report includes a description of the Trellix controls environment and the external auditor's result and opinion on whether Trellix's controls meet the AICPA Trust Services Security, Availability, and Confidentiality Principles and Criteria.

Trellix Helix  |  Trellix ePO SaaS  |  IVX  |  Trellix Email Security

TISAX

Trusted Information Security Assessment Exchange (TISAX) is a European automotive industry-standard information security assessment (ISA) catalog based on key aspects of information security such as data protection and connection to third parties. Trellix received this certification in January 2024.